In https://github.com/eclipse-cbi/jiro/wiki#required-steps-for-a-pipeline-job it is explained that the keyring has to be imported in the following way to use it with the maven-gpg-plugin:
```groovy
withCredentials([file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING')]) {
    sh 'gpg --batch --import "${KEYRING}"'
    sh 'for fpr in $(gpg --list-keys --with-colons | awk -F: \'/fpr:/ {print $10}\' | sort -u); do echo -e "5\ny\n" | gpg --batch --command-fd 0 --expert --edit-key ${fpr} trust; done'
}
```
But at least when using the tycho-gpg-plugin with the bc signer it can be omitted and the keyring can be passed directly:
```groovy
withCredentials([
    file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING'),
    string(credentialsId: 'gpg-passphrase', variable: 'KEYRING_PASSPHRASE')
]) {
    sh '''
        mvn clean verify -Dtycho.pgp.signer=bc -Dtycho.pgp.signer.bc.secretKeys="${KEYRING}" -Dgpg.passphrase="${KEYRING_PASSPHRASE}" -Dgpg.keyname="<your-keyname>"
    '''
}
```
See also
- https://github.com/eclipse-m2e/m2e-core/blob/8bd12b6811f33311e4293c34a48690ed736fb43c/Jenkinsfile#L23-L39
- https://tycho.eclipseprojects.io/doc/4.0.9/tycho-gpg-plugin/sign-p2-artifacts-mojo.html#signer
- https://tycho.eclipseprojects.io/doc/4.0.9/tycho-gpg-plugin/sign-p2-artifacts-mojo.html#secretKeys
I think it's worth mentioning that, at least when using Tycho, one can save the first step.